Platform
OVERVIEW

Enterprise TruRisk Platform

Everything you need to measure, manage, and reduce your cyber risk in one place

CAPABILITIES

All

Asset Management

Vulnerability & Configuration Management

Risk Remediation

Threat Detection & Response

Compliance

Cloud Security

PLATFORM APPS

ASSET MANAGEMENT

CyberSecurity Asset Management (CSAM)
See entire attack surface, continuously maintain your CMDB, and track EOL/EOS software

External Attack Surface Management (EASM) - New
Gain an attacker’s view of your external internet-facing assets and unauthorized software

Vulnerability & Configuration Management

Vulnerability Management, Detection & Response (VMDR) - Most Popular
Discover, assess, prioritize, and patch critical vulnerabilities up to 50% faster

Enterprise TruRisk Management (ETM) - New
Consolidate & translate security & vulnerability findings from 3rd party tools

Web App Scanning (WAS)
Automate scanning in CI/CD environments with shift left DAST testing

Cloud Workload Protection (CWP)
Detect, prioritize, and remediate vulnerabilities in your cloud environment

Risk REMEDIATION

Patch Management (PM)
Efficiently remediate vulnerabilities and patch systems

Custom Assessment and Remediation (CAR)
Quickly create custom scripts and controls for faster, more automated remediation

Threat Detection and Response

Multi-Vector EDR
Advanced endpoint threat protection, improved threat context, and alert prioritization

Context XDR
Extend detection and response beyond the endpoint to the enterprise

Compliance

Policy Compliance
Reduce risk, and comply with internal policies and external regulations with ease

File Integrity Monitoring (FIM)
Reduce alert noise and safeguard files from nefarious actors and cyber threats

Cloud Security

TotalCloud (CNAPP)
Cloud-Native Application Protection Platform (CNAPP) for multi-cloud environment.

Cloud Security Posture Management (CSPM)
Continuously discover, monitor, and analyze your cloud assets for misconfigurations and non-standard deployments.

Infrastructure as Code Security (IaC)
Detect and remediate security issues within IaC templates

SaaS Security Posture Management (SSPM) - New
Manage your security posture and risk across your entire SaaS application stack

Cloud Workload Protection (CWP)
Detect, prioritize, and remediate vulnerabilities in your cloud environment

Cloud Detection and Response (CDR)
Continuous real-time protection of the multi-cloud environment against active exploitation, malware, and unknown threats.

Container Security (CS)
Discover, track, and continuously secure containers – from build to runtime
Solutions
Use Cases

Endpoint Security

Compliance

PCI Compliance

DORA Compliance

Cloud Security

Application Security

DevOps

Threat Protection

NIS2

Zero-Trust Security

Segments

Small Business

Mid-Sized Business

Enterprise

Federal
Resources
RESOURCES

Resources Library

Product Tours

Blog

Webinars

Qualys Stream

Fundamentals

RESEARCH

Threat Research Unit

Security Alerts

Security Advisories
Support
SUPPORT
More
Customers

Overview

Best Practices

Success Stories

Testimonials
Partners

Overview

Partner Program

VAD Partners

VAR Resellers

MSP/MSSP Partners

Integration Partners

Partner FAQs

Find a Partner
Company

About Us

Our Team

Investor Relations

News

Awards

Events

Careers

Community
- Overview
- Discuss
- Blog
- Training
- Docs
- Resources
Login
What’s my platform?
Contact us
Contact us below to request a quote, or for any product-related questions
Create Account. It’s Free!
Try PM for free
Try VMDR for free
Try VMDR TruRisk for free
Try CS for free
Sign up for TotalCloud
Sign up for CDR
Try CSAM for free
Try PCI for free
Try DORA for free
Try Policy Compliance for free
Try VMDR for Mobile Devices
Try SaaSDR for free
Try Multi-Vector EDR for Free
Try CAR for Free
Request a Demo
Try it
Enterprise TruRisk Platform
- Cloud Platform - Free Trial
Free Services

Try it

Overview
Platform Apps
Vulnerability Management, Detection & Response (VMDR) - Most Popular
Discover, assess, prioritize, and patch critical vulnerabilities up to 50% faster
Enterprise TruRisk Management (ETM) - New
Consolidate & translate security & vulnerability findings from 3rd party tools
Container Security (CS)
Discover, track, and continuously secure containers – from build to runtime
Cloud Workload Protection (CWP)
Detect, prioritize, and remediate vulnerabilities in your cloud environment
Web App Scanning (WAS)
Automate scanning in CI/CD environments with shift left DAST testing

Overview
Platform Apps
TotalCloud (CNAPP)
Cloud-Native Application Protection Platform (CNAPP) for multi-cloud environment.
Cloud Security Posture Management (CSPM)
Continuously discover, monitor, and analyze your cloud assets for misconfigurations and non-standard deployments.
Infrastructure as Code Security (IaC)
Detect and remediate security issues within IaC templates
SaaS Security Posture Management (SSPM) - New
Manage your security posture and risk across your entire SaaS application stack
Cloud Workload Protection (CWP)
Detect, prioritize, and remediate vulnerabilities in your cloud environment
Cloud Detection and Response (CDR)
Continuous real-time protection of the multi-cloud environment against active exploitation, malware, and unknown threats.
Container Security (CS)
Discover, track, and continuously secure containers – from build to runtime

@RISK Newsletter for June 14, 2012

The consensus security vulnerability alert.

Vol. 12, Num. 24

This is a weekly newsletter that provides in-depth analysis of the latest vulnerabilities with straightforward remediation advice. Qualys supplies a large part of the newly-discovered vulnerability content used in this newsletter.

Archived issues may be found at the SANS @RISK Newletter Archive.

Top Vulnerability this week: The XML zero day that affects Internet
Explorer users as well as Office 2003 and 2007 users. It was important
enough for Microsoft to make an extra out-of-cycle patch available. The
reason it is so important is that most targeted attacks going after
sensitive intellectual property use a vector like the one used in this
attack.

NOTABLE RECENT SECURITY ISSUES SELECTED BY THE SOURCEFIRE VULNERABILITY RESEARCH TEAM

Title: MySQL Authentication Brute Force Attack
Description: A trivially exploitable attack exists for certain platforms
running MySQL that allows attackers root access to the database without
any credentials. HD Moore has demonstrated a single-line shell script
that will grant access, so live attacks are presumed to exist in the
wild already, with automated scanners for this vulnerability likely to
follow (if not already available).
Reference:
http://vrt-blog.snort.org/2012/06/mysql-authentication-brute-force-attack.html
https://community.rapid7.com/community/metasploit/blog/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysql
Snort SID: 23115
https://isc.sans.edu/port.html?port=3306

Title: Web Shell With GIF Header
Description: A live shell has been observed in the wild as part of
automated attempts to exploit the WordPress TimThumb vulnerability
released in August of 2011. This shell has a validly formed GIF header
prepended to the malicious PHP code, so that TimThumb’s built-in file
safety checks will be bypassed (as well as any other check based on
file(1), which declares the shell to be a valid GIF file). Several
monitoring organizations have reported this shell being dropped very
widely in the field.
Reference:
http://vrt-blog.snort.org/2012/06/web-shell-poses-as-gif.html
http://blog.spiderlabs.com/2011/11/wordpress-timthumb-attacks-rising.html
Snort SID: 23113, 23114
ClamAV: PHP.Hide

Title: CVE-2012-1875 Microsoft Internet Explorer DOM manipulation memory corruption
Description: This is a complex Document Object Model heap overwrite, but
several actors are using it in targeted attacks observed across the
globe. Several variants of the attack are in public already, and more
are being traded in the underground. Users of Internet Explorer should
patch this bug as promptly as possible.
Reference:
http://technet.microsoft.com/en-us/security/bulletin/MS12-037
Snort SID: 23125
ClamAV: Exploit.CVE_2012_1875, Exploit.CVE_2012_1875-1

Title: Unauthorized Microsoft Security Certificates Allow Windows Update Spoofing
Description: The recently discovered Flame malware used a specifically
crafted SSL certificate to man-in-the-middle the Windows Update process
and inject code. As any certificate issued by a pair of intermediate
signing authorities could, if used by Flame or others, lead to
unauthorized content being trusted by the operating system, Microsoft
explicitly revoked all certificates issued by those authorities.
Reference:
http://technet.microsoft.com/en-us/security/advisory/2718704
Snort SID: 23090
ClamAV: N/A

Title: CVE-2011-2140 Adobe Flash Player MP4 Buffer Overflow:
Description: A simple buffer overflow attack exists in the way Adobe
Flash parses certain chunks of MP4 files. Public exploits exist, and
have been incorporated into the Chinese Yang Pack exploit kit. Active
exploitation of this vulnerability has been observed in the wild by the
Sourcefire VRT.
Reference:
http://www.adobe.com/support/security/bulletins/apsb11-21.html
Snort SID: 19693, 20555, 21006, 23098
ClamAV: Trojan.GameThief-3, Exploit.SWF-24, Trojan.Cossta-22

USEFUL EXPLANATIONS OF HOW NEW ATTACKS WORK

(1) Flame malware collision attack explained:
http://blogs.technet.com/b/srd/archive/2012/06/06/more-information-about-the-digital-certificates-used-to-sign-the-flame-malware.aspx
http://www.trailofbits.com/resources/flame-md5.pdf

(2) Facebook begins notifying DNSChanger victims:
http://www.zdnet.com/blog/security/facebook-begins-notifying-dnschanger-victims/12296

(3) Spear Phishing Attempt vs. Digital Bond Analyzed:
http://www.digitalbond.com/2012/06/11/analysis-of-spear-phishing-malware-file/

(4) Post Mortem: Today’s attack; apparent Google Apps/Gmail
vulnerability; and how to protect yourself:
http://blog.cloudflare.com/post-mortem-todays-attack-apparent-google-app

RECENT VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE COMPILED BY THE QUALYS VULNERABILITY RESEARCH TEAM

ID: CVE-2012-1889
Title: Microsoft XML Core Services CVE-2012-1889 Remote Code Execution Vulnerability
Vendor: Microsoft
Description: Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses
uninitialized memory locations, which allows remote attackers to execute
arbitrary code or cause a denial of service (memory corruption) via a
crafted web site.
CVSS v2 Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

ID: CVE-2012-1875
Title: Microsoft Internet Explorer CVE-2012-1875 Same ID Property Remote
Code Execution Vulnerability
Vendor: Microsoft
Description: Microsoft Internet Explorer 8 does not properly handle
objects in memory, which allows remote attackers to execute arbitrary
code by accessing a deleted object, aka “Same ID Property Remote Code
Execution Vulnerability.”
CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

ID: CVE-2012-1849
Title: Microsoft Lync CVE-2012-1849 DLL Loading Arbitrary Code Execution Vulnerability
Vendor: Microsoft
Description: Untrusted search path vulnerability in Microsoft Lync 2010,
2010 Attendee, and 2010 Attendant allows local users to gain privileges
via a Trojan horse DLL in the current working directory, as demonstrated
by a directory that contains a .ocsmeet file, aka “Lync Insecure Library
Loading Vulnerability.
CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

ID: CVE-2012-0985
Title: Sony VAIO Wireless Manager ActiveX Control ‘WifiMan.dll’ Multiple
Buffer Overflow Vulnerabilities
Vendor: Sony
Description: Multiple buffer overflows in the Wireless Manager ActiveX
control 4.0.0.0 in WifiMan.dll in Sony VAIO PC Wireless LAN Wizard 1.0;
VAIO Wireless Wizard 1.00, 1.00_64, 1.0.1, 2.0, and 3.0; SmartWi
Connection Utility 4.7, 4.7.4, 4.8, 4.9, 4.10, and 4.11; and VAIO Easy
Connect software 1.0.0 and 1.1.0 allow remote attackers to cause a
denial of service (crash) and possibly execute arbitrary code via a long
string in the second argument of the (1) SetTmpProfileOption or (2)
ConnectToNetwork method.
CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

ID: CVE-2012-2436
Title: Pligg CMS CVE-2012-2436 Multiple Cross Site Scripting Vulnerabilities
Vendor: Pligg
Description: Multiple cross-site scripting (XSS) vulnerabilities in
Pligg CMS before 1.2.2 allow remote attackers to inject arbitrary web
script or HTML via (1) an arbitrary parameter in a move or (2) minimize
action to admin/admin_index.php; (3) the karma_username parameter to
module.php in the karma module; (4) q_1_low, (5) q_1_high, (6) q_2_low,
or (7) q_2_high parameter in a configure action to module.php in the
captcha module; or (8) the edit parameter to module.php in the
admin_language module.
CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

ID: CVE-2012-1824
Title: Measuresoft ScadaPro DLL Loading Arbitrary Code Execution Vulnerability
Vendor: Measuresoft
Description: Untrusted search path vulnerability in Measuresoft ScadaPro
Client before 4.0.0 and ScadaPro Server before 4.0.0 allows local users
to gain privileges via a Trojan horse DLL in the current working
directory.
CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)

MOST POPULAR MALWARE FILES 5/29/2012 - 6/5/2012

(Compiled by Sourcefire)

SHA 256: 1481ACE90584C46406259C653D2BD3457A2E5F44781E907731C9A618F96C7442
MD5: bb74024a1d4e4808562c090980151653
VirusTotal: https://www.virustotal.com/file/1481ACE90584C46406259C653D2BD3457A2E5F44781E907731C9A618F96C7442
Malwr: http://malwr.com/analysis/63fdbb9c9802d680dc6d622d2e228317/
Typical Filename: MWSSVC.EXE
Claimed Product: My Web Search Bar
Claimed Publisher: MyWebSearch.com

SHA 256: CB85D393C4E0DB5A1514C21F9C51BA4C12D82B7FABD9724616758AE528A5B16B
MD5: 7961a56c11ba303f20f6a59a506693ff
VirusTotal: https://www.virustotal.com/file/CB85D393C4E0DB5A1514C21F9C51BA4C12D82B7FABD9724616758AE528A5B16B
Malwr: http://malwr.com/analysis/7961a56c11ba303f20f6a59a506693ff
Typical Filename: C8A787C22000AE378610003396E67500D587FA4E.exe
Claimed Product: My Web Search Bar for Internet Explorer and FireFox
Claimed Publisher: MyWebSearch.com

SHA 256: DFE385206E3BA737636463B22501B801B88169AF789424E8A33C3CF07A8B2235
MD5: 589c85ad4b3fd73456f32eb9d58e2f9c
VirusTotal: https://www.virustotal.com/file/DFE385206E3BA737636463B22501B801B88169AF789424E8A33C3CF07A8B2235
Malwr: http://malwr.com/analysis/589c85ad4b3fd73456f32eb9d58e2f9c
Typical Filename: 3E229CF2E0B55D93A59C027D284E7A0088209A1A.exe
Claimed Product: ShopAtHome.com Shopping Toolbar
Claimed Publisher: -

SHA 256: D69EE2A46B02A39C7BCCFFE10FB4280EFF268E2633E39697DC59CFA0D5D7CB3C
MD5: 5d3d195648820c95f20e4e9189e1937b
VirusTotal: https://www.virustotal.com/file/D69EE2A46B02A39C7BCCFFE10FB4280EFF268E2633E39697DC59CFA0D5D7CB3C
Malwr: http://malwr.com/analysis/5d3d195648820c95f20e4e9189e1937b
Claimed Product: -
Claimed Publisher: -

SHA 256: AA0BBAECB678868E1E7F57C7CA9D61B608B3D788BE490790EB1D148BEADF4615
MD5: 3291e1603715c47a23b60a8bf2ca73db
VirusTotal: https://www.virustotal.com/file/AA0BBAECB678868E1E7F57C7CA9D61B608B3D788BE490790EB1D148BEADF4615
Typical Filename: avz00001.dta
Claimed Product: -
Claimed Publisher: -

Subscribe to the newsletter

OVERVIEW

CAPABILITIES

PLATFORM APPS

ASSET MANAGEMENT

Vulnerability & Configuration Management

Risk REMEDIATION

Threat Detection and Response

Compliance

Cloud Security

Use Cases

Segments

RESOURCES

RESEARCH

Customers

Partners

Company

Overview

CAPABILITIES

Platform Apps

Use Cases

Segments

Resources

Research

Enterprise TruRisk Platform

Free Services

Platform Apps

Platform Apps

Platform Apps

Platform Apps

Platform Apps

Platform Apps

@RISK Newsletter for June 14, 2012

The consensus security vulnerability alert.

CONTENTS:

NOTABLE RECENT SECURITY ISSUES SELECTED BY THE SOURCEFIRE VULNERABILITY RESEARCH TEAM

USEFUL EXPLANATIONS OF HOW NEW ATTACKS WORK

RECENT VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE COMPILED BY THE QUALYS VULNERABILITY RESEARCH TEAM

MOST POPULAR MALWARE FILES 5/29/2012 - 6/5/2012